Malicious PDF — malware analysis report

Static analysis result for SHA-256 4bfb02afc101c0da…

Verdict: MALICIOUS
File type: PDF
Size: 35.8 KB
Created: 2019-12-13 13:35:04 +03:00
Authoring application: Adobe Illustrator CS3 (via Adobe PDF library 8.00)
MD5: f3207ca900784b2556dbc0b7cb237b83
SHA-1: d47491484db7ababbdde96695333e93ad45d146a
SHA-256: 4bfb02afc101c0da68dd4f6db06b456ea00bdd588b56704dbdf115a67a37ffe5
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a large number of embedded links to external PDFs, as detected by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be SEO manipulation or a link farm designed to direct users to potentially malicious content hosted on www.gorillawalker.com. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8258

Heuristics (2)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels record which channel (macro, JS, link annotation, document body, ...) reached each URL.